Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

What does this R0 line mean? / HijackThis Log

Posted on 2011-02-27
7
642 Views
Last Modified: 2013-12-06
Hi Friends

I have also found this R0 line on a HijackThis Log from a customer.
HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

I know this is for Internet Explorers starting page and search assistant. But what does this line mean exactly? Where can I find more information’s about this line? Why is nothing behind the = ? I have also found some logs with Obfuscated. Is this Spyware? Because I have read this is a sign of spyware and difficult to remove such an infection.

Thank you very much
0
Comment
Question by:awawada
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 22

Assisted Solution

by:optoma
optoma earned 125 total points
ID: 34991399
Hi.
Some info regarding HJT
http://www.bleepingcomputer.com/tutorials/tutorial42.html#RDiag

That line is ok to the best of my knowledge :)

Upload the log to Hijackthis.de to be analyzed and there is an info button beside each line.
http://www.hijackthis.de/


>Apart from that, machine behaving ok?
0
 
LVL 4

Expert Comment

by:FastSi
ID: 34991407
"HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =" with nothing after it I assume it means your browser is not starting with any addon toolbars, I get the same result with nothing after = iwhen I do a scan and mines clean.

not sure about the Obfuscated
0
 
LVL 4

Assisted Solution

by:FastSi
FastSi earned 125 total points
ID: 34991423
Hijack this is by trendmicro so could also post on http://community.trendmicro.com/t5/Malware-Discussions/bd-p/malware
0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 18

Author Comment

by:awawada
ID: 34991468
@optoma
Hi optoma

after a long time. hope you are fine?
I know this Tutorial it's pretty good, but i dont find much infos about:
HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

@FastSi
good idea with http://community.trendmicro.com/t5/Malware-Discussions/bd-p/malware .
Are you sure this has something to do with addon toolbars? Has this nothing to do with Internet Explorer Links folder with the Favorites?
0
 
LVL 35

Accepted Solution

by:
torimar earned 250 total points
ID: 34991918
If you launch IE, and go to the Favorites menu, you will see a folder called "Links" in that menu. If you delete it, it will be recreated automatically.

That is what the registry entry:
HKCU\Software\Microsoft\Internet Explorer\Toolbar\LinksFolderName

controls. If "LinksFolderName=Links" the folder will be recreated, if "LinksFolderName=" it will not be recreated.
This is a popular registry tweak: http://www.pctools.com/guides/registry/detail/550/

"LinksFolderName=Links" is the default entry; as long as it is active, HJT does not include the key in its scan report. Once it is changed, HJT will report this.

You could easily let HJT fix the issue, but that may not be in the interest of your client if he/she intentionally applied this reg tweak.
0
 
LVL 22

Expert Comment

by:optoma
ID: 34992197
Hi Awawada.
Been a while. All is fine, thankfully as ever! :)


0
 
LVL 18

Author Closing Comment

by:awawada
ID: 34993110
Thanks Friends!
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The intent of this Article is to provide the basic First Aid steps for working through most malware infections. The target audience includes experienced IT professionals and the casual user who just wants to make the infection go away. **********…
Most PC repair technicians (if not all) always start their cleanup process by emptying the temp folders before running any removal tools. It makes sense because temp folders are common places for malware installers to lurk and removing all the junk …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question